Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: e95650438b
Branches Tags
helm-externa...
/
pkg
/
template
/
v2
/
template_test.go

template_test.go 33 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6. 	http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package template
    16. 

  16. 

  17. import (
    18. 

  18. 	"os"
    19. 

  19. 	"strings"
    20. 

  20. 	"testing"
    21. 

  21. 

  22. 	"github.com/google/go-cmp/cmp"
    23. 

  23. 	"github.com/stretchr/testify/assert"
    24. 

  24. 	"github.com/stretchr/testify/require"
    25. 

  25. 	corev1 "k8s.io/api/core/v1"
    26. 

  26. 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    27. 

  27. 

  28. 	esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
    29. 

  29. )
    30. 

  30. 

  31. const (
    32. 

  32. 	pkcs12ContentNoPass   = `MIIJYQIBAzCCCScGCSqGSIb3DQEHAaCCCRgEggkUMIIJEDCCA8cGCSqGSIb3DQEHBqCCA7gwggO0AgEAMIIDrQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQInZmyWpNTPS4CAggAgIIDgPzZTmogBRiLP0NJZEUghZ3Oh1aqHJJ32HKgXUpD5BJ/5AvpUL9FC7m6a3GD++P1On/35J9N50bDjfBJjJrl2zpA143bzltPQBOK30cBJjNsCeN2Dq1dcsvJZfEy20z75NduXjMF6/qs4BbE+1E6nYFYVNHUybFnaQwSx7+2/2OMbXbcFpt4bv3HTw0YLw2pZeW/4/4A9d+tC9UdVQTTyNbI8l9nf1aeaaPsw1keVLmHurmTihfwh469FvjgwiHUP/P3ZCn1tOpWDR8ck0j+ru6imVP2hn+Kvk6svllmYqo3A5DnDRoF/Cl9R0DAPyS0lw7BeGskgTm7B79mzVitTbzRnIUP+sGJjc1AVghnitfcX4ffv8gq5xWaKGucO/IZXbPBoe7tMhKZmsirKzD4RBhC3nMyrwaHJB6PqUwxMQGMLbuHe7GlWhJAyFlcOTt5dgNl+axIkWdisoKNinYYeOuxudqyX6yPfsyaRCV5MEez3Wu+59MENGlGDRWbw61QuwsZkr1bAT2SJrQ/zHn5aGAluQZ1csJhKQ34iy1Ml9K9F4Zh3/2OWPs0u6+JCb1PC1vChBkguqcqQtEcikRwR9dNF9cdMB1T1Xk5GqlmOPaigkYzGWLgtl8cV5/Zl0m2j77mX9x4HVCTercAABGf9JcCLzSCo04c5OwIYtWUXBkux5n2VI2ZIuS1KF+r6JNyL3lg/D8LColzDUP/6tQCBVVgMar3iLblM17wPMTDMR5Bn+NvenwJj6FWaGGMtdjygtN+oSHpNDbVygfGQy+jEgUtK7yw0uh/WKBMWVw1E6iNuhb8HIyCFtQon8sDkuZ81czOpR3Ta1SWUWrZD+pjpL2Z4y8Nc2wt9pVPvLFOTn+GDFVqGpde3kovh3GfJjYCG/HI5rXZyziflDOoSy0SyG6aVCG4ZqW2LTymoVN/kxf+skqAweX1vxvvJniiv8HgYfEASFUWear4uT641d1YwcEIawNv4n+GKBilK/7ODl2QL86svwqIcbyiJrneyU2tHymKzGcU2VxmSgf8EnjqGuIEo7WXOpk0oUMcvYrM73cgzZ3BchUDIN0KWSDI+vDcVY82dbI39KM6dtOJFAx3kEdms/gdSqZtmHUIeArGp+8caCCAK/W+4wTOvtisK+6MtzdMz6P93N78N4Vo6cs3dkj6t/6tgNog5SCfwlOEyUpmMIIFQQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECHVnarQ94cqlAgIIAASCBMgUvEVKsUcqEvYJEJ9JixgB0W3uhSi/Espt931a/mwx5Ja2K7vjlttaOct3Zc8umVrP5C322tmHz9QDVPj3Bln8CGfofC/8Nb6+SDeofmYaQYReOZpZGksEBs4P3yURl8wQpIkG31Oyf3urDTJdplfDrzu6XpEpIf7RicIR+Zh4Q1+F75XwPo52/yNs8q/kVV8H97gSRqQ2GixIdyNu+JLtNjdwAERHy4DeQjwgiMCdL+xMfN+WJyIvkLZDoy9bacXeG4IcQM+n84272C6j1a0BPaOm0K5A7I0H1zpXOJiWfn3MrT4LHDudrQoIWUOvcJjWaIM/KyghotDN50THKN9qCEE9SmtfWXGGFaJmyxbUDFizBIAsFshNtMs/47PoInTSNwzxNvUUQ3ap93iquGZ9EaZAMY2HQHW/QJIQ70IbtcHU28Bus/hrMcV0X9D1p4UeHuk37W7aCrL6hS+ac9pmzwmcDBwZUliyInxRmqCCerjg2ojAM9SVg8FrpQUErP+BOaoCBwQqLLiz9BM+3tUQc/8MyaBHq+c2dUoPfvipDIQXYiq66CkjmPHxPFEL1l9d9oBFoIGkt6SIHDjWnTPc5q5SvJ9tz8Dp1k/1HQSA8OUS6j+XySYuGe8xTvN/oUpVRswef2Qd/kxZlc1FJ4lVAXvbW7C7772l14BJv/WULcFH4Sn83rlL3YwHr4vJMf6wLahn7oQPI0VFSQiiOOb/+gkiTrwO3Gz+HXOkUwaKnW85PeoIt3/q1u0CRl64mUjqCegi7RMY9Q9tRMlD5yx0RsH7mc4b6Eg/3IwGu8VQmZCO5W2unCpfzzyrOx7OaGGaW4RJ2Mx7bJ8uV9HU8MbbNntmc9oxebPdDnBmbt8p8t4ZZxC+zcqcXi3TxACXmwnasogQEi0d0ttXkB5cnDCG00Y8WPdNIWfJdIQh8Hj16LAMYWUacz/J0kLP99ENQntZibVw/Q3zZtHSF5tmsYp7o1HglBpRwLTcd026YTrxB+VCEiUYy4hH6a38oEEpY7wTIiRmEBQPIRM0HUOqVh4z6TNzRx6iIhrQEvg06B8U6iVPqy8FGDkhf3P55Ed95/Rw6uSdlMTHng+Q4aG00k4qKdKOyv55IXPcvEzAeVNBuesknaS8x7Eb/I5mHSoZU3RYAEFGbehUkvkhNr3Xq7/W/400AKiliravJq8j/qKIZ9hAVUWOps09F/4peYfLXM1AhxWWGa5QqvwFkClM+uRyqIRGJwl2Z7asl4sWVXbwtb+Axio+mYGdzxIki5iwJvRCwKapoZplndXKTrn2nYBuhxW2+fRHa8WYdsm/wn0K+jYMlZhquVjNXyL70/Sym6DkzCtJvveQs2CfcEWQuedjRSGFVFT2jV/s5F8L2TV7nQNVj6dEJSNM5JCdZ//OpiMHMCbPNeSxY9koGplUqFhP54F1WU9x+8xiFjEp8WKxQYKHUtj+ace0lLF4CDGXhFR/0k7Icarpax3hYnvagd2OpZyRJdavKBSs5U7/NPuO6sNhZ2NpzsOiul9Iu8bu3UHCECNKkwN4wF4alTlG9sAAbS4ns4wb9XTajG+OPYoDQZmuJfc71McN6m8KBHEnXU8r4epdR7xREe/w+h2MwtPhLvbxwO592tUxJTAjBgkqhkiG9w0BCRUxFgQUOEXV6IFYGpCSHi0MPHz4b3W0KOQwMTAhMAkGBSsOAwIaBQAEFAjyBCA+mr+5UkKuQ1jGw90ASfbVBAjbvqJJZikDPgICCAA=`
    33. 

  33. 	pkcs12ContentWithPass = `MIIJYQIBAzCCCScGCSqGSIb3DQEHAaCCCRgEggkUMIIJEDCCA8cGCSqGSIb3DQEHBqCCA7gwggO0AgEAMIIDrQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI2eZRJ7Ar+JQCAggAgIIDgFTbOtkFPjqxAoYRHoq1SbyXKf/NRbBA5AqxQlv9aFVT4VcxUSrMGaSWifX2UjsVWQzn134yoLLbdJ0jTorVD+EuBUmtb3xXbBwLqtFZxwcWodYA5WhPQdDcQo0cD3o1vrsXPQARQR6ISSFnhFjPYdH9cO2LqUKV5pjFhIs2/1VPDS2eY7SWZN52DK3QknSj23S3ZW2s4TFEj/5C4ssbO7cWNWBjjaORnd17FMNgVtcRw8ITmLdGBOpFUwP8wIdiLGrXiyjfMLns74nztRelV30/v0DPlz0pZtOPygi/dy0qpbil3wtOFrtQBLEdvLNmt9ikQgGs3pJBS68eMJLu3jAU6rCIKycq0+E0eMXeHcseyMwgguTj2h4t+E4S7nU11lViBFqkSBKxE28+9fNlPvCsZ4WhQZ6TAW3E/jDy/ZSqmak5V7/khMlRPvtrxz71ivksH0iipPdJJkGi7SDEvETySBETiqIslUmsF0ZYeHR5wIBkB5V8zmi8RRZtpvDGbzuQ22V6sNk2mTDh+BRus7gNCoSGWYXWqNNp1PnznuYCJp9T+0mObcAijE7IQuhpYMeQPF+MUIlG5lmpNouzuygTf++xrKIjzP36DcthnMPeD/8LYWfzkuAeRodjl7Z1G6XLvBD5h+Xlq23WPjMcXUiiWYXxTREAQ1EWUf4A9twGcxHJ5AatbvQY3QUoS4a7LNuy17lF7G+O1SFDtGeHZXHHecaVpuAtqZEYeUpqy6ZzMJXtXE1JNl/UR9TtTordb1V5Pf45JTYKLI+SwxVQbRiTgfhulNc+E3tV1AEELZt4CKmh1OFJoJRtyREMfdVuP4rx7ywIoMYuWw8CRqJ3qSmdwz2kmL2pfJNn6vDfN6rNa+sXWErOJ7naSAKQH2CJfnkCOFxkKfwjbOcNRbnGKah8NyWu6xqlv7Y4xEJYqmPahGHmrSfdAt3mpc5zD74DvetLIczcadKaLH7mp6h98xHayvXh0UE7ERHeskfSPrLxL9A3V1RZXDOtcZFWSKHzokuXMDF9OnrcMYDzYgtzof4ReY2t1ldGF7phYINhDlUNyhzyjwyWQbdkxr/+FtWq8Sbm7o2zMTby48c25gnqD9U8RTAO+bY3oV3dQ4bpAOzWdzVmFjESUFx0xVwbTSJGXdkH4YmD5He+xwxTa0Je0HE5+ui5dbP1gxUY+pCGLOhGMIIFQQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECGYAccNFWW6kAgIIAASCBMgbXw69iyx73RGWS3FYeuvF5L1VWXQGrDLdUGwa3SdovXxmP1pKBAb82UuiydXDpKSVCmefeEQTs6ucEFRmXrDIldNanqUwbydy3GSJ+4iNsVQHbFgNppH4e90L7BlLcZ3MzSrVEwxWVMHq+XLqTKf3X3QyrmA3mmF96+Nd+icpDIktd+/h2BHnSXHNP0QfVH27H4DwbMDijttXY0JB+8qP9m25Wn4zkmOPEUhrY4Ptv2I08eHFAuNI0jWUwfRhC4FDbUdwFb0aZjA3Te6uYTsu2zAlmg9HuqsD/Ef/wkBEKZLBkjiXa/niFVrwELXhWZDPBAuo+/1UbzXglsW4QDU4LbUutcs6DLag1vLe40a2LO1ODQm7Zw0bxLkb3f/ry6ZFYvO78XmHo4c/oQf4KPUtM2bLz5q7uOxAx07vHYaU2BVt3NjgiIO5VVKjw0075GdgFxwPvYncv1fsC5jSIkX43GuzEtoBTpJKDYb2nhKbN9XWixwGOhUBTK3WYBhn+uaMJs4l3EgkDtK9tsUs5VQQHawj0WrGS1mQhaBfcyZzv4wSn0d3JUO2CN0e9EReJcQvsEnwUvohilOvjDHHhTq8Kp4XU4jbq7TAKqxs3TOmdoskRykn9oKUPExJVhJQonFT3ietV5BHrnN/QoDCSeOR80ZxvWHrQDz3Hm1ygiHd8LYmN4IjiD8b28ZrCALifWxh0WmIYtLZrUjMZavPh+caWH9IG32fTxV9b1bgJD8vWqscj9jCjeMJvkKQo8PFg1kMAxt1u+bIyktTq42O9qxwGrdqEMeBzXxDJMMaRIH3m9LNZ/P5Nk4/hMURhCZJtRtNfOVTK+Q6kKgsdK2EHcuEnp/qBefZjve+xmitbF1W7C4+B7b2JNBacdIm1nE56DwglT/IUk65JrNFP3rf4c5ic76LCQrvyfLiKCGaqcihM9siLVFPYdrnr8TlGbCFnGbpBqMQA5MtZQaDUug50PJtdxlgfwWH4qliimgchCaZbSTcgN5YTguSe16uUSusHD+r6XdtI0939uDILXJjQMczhIKNw8w0Tn4Z3/g2KlB6cwbtaglnnO4a/USh0cPC1a581byNqeFoMi+mAhqfKkwdDuti4GX7OrhkUOkiRjEUXdcckpmmIsyamH/g1dq3CNFXFNIgRRrzIDo4Opr3Ip2VE/4BDQoo/+Rybzxh8bsHgCEujQf8urGxjGyd2ulHoXzHWhz7pPPuY5UN6dC9WZmOQDVous/1nhYThoLVVc61Rk6d83+Ac7iRg4bY5q/73J4HvPMmrTOOOqqn3wc9Pe5ibEy4tFaYnim4p1ZRm8YcwosZmuFPdsP6G5l5qt6uOyr2+qNpXIBkDpG7I6Ls10O7L3PQAX9zRGfcz6Ds0KtuDrLpaVvhuXpewsBwpo1lmhv9bAa4ppBuWznmKigX+vYojSxd/eCRAtMs+Lx6ppZsYNVhbdEIGKXSGwG98sSTZkoLHBMkUW7S8jpeSCHZWEFBUOPJQzAr5cW1w+RAs33cGUygZ5XEEx4DeW8MnO4lCuP+VDOwu3TAKhzAD+qCyXbLEzWiyL5fq3XL+YJtoAc8Mra9lK6jDqzq4u+PLNoYY+kWTBhCyRZ+PfzcXLry8pxuP5E6VtRgfYcxJTAjBgkqhkiG9w0BCRUxFgQUOEXV6IFYGpCSHi0MPHz4b3W0KOQwMTAhMAkGBSsOAwIaBQAEFBa+SV9FU2UObo+nYKdyt/kZVw6FBAgey4GonFtJ2gICCAA=`
    34. 

  34. 	pkcs12Cert            = `-----BEGIN CERTIFICATE-----
    35. 

  35. MIIDHTCCAgWgAwIBAgIRAKC4yxy9QGocND+6avTf7BgwDQYJKoZIhvcNAQELBQAw
    36. 

  36. EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0yMTAzMjAyMDA4MDhaFw0yMTAzMjAyMDM4
    37. 

  37. MDhaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
    38. 

  38. ggEKAoIBAQC3o6/JdZEqNbqNRkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4Nzj
    39. 

  39. aG15owr92/11W0pxPUliRLti3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvW
    40. 

  40. Y8jh8A0LQALZiV/9QsrJdXZdS47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE
    41. 

  41. 1gEDqnKfRxXI8DEQKXr+CKPUwCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4e
    42. 

  42. ugHe52vXHdh/HJ9VjNp0xOH1waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJa
    43. 

  43. YOOonQSEswveSv6PcG9AHvpNPot2Xs6hAgMBAAGjbjBsMA4GA1UdDwEB/wQEAwIC
    44. 

  44. pDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
    45. 

  45. BBR00805mrpoonp95RmC3B6oLl+cGTAVBgNVHREEDjAMggpnb29ibGUuY29tMA0G
    46. 

  46. CSqGSIb3DQEBCwUAA4IBAQAipc1b6JrEDayPjpz5GM5krcI8dCWVd8re0a9bGjjN
    47. 

  47. ioWGlu/eTr5El0ffwCNZ2WLmL9rewfHf/bMvYz3ioFZJ2OTxfazqYXNggQz6cMfa
    48. 

  48. lbedDCdt5XLVX2TyerGvFram+9Uyvk3l0uM7rZnwAmdirG4Tv94QRaD3q4xTj/c0
    49. 

  49. mv+AggtK0aRFb9o47z/BypLdk5mhbf3Mmr88C8XBzEnfdYyf4JpTlZrYLBmDCu5d
    50. 

  50. 9RLLsjXxhag8xqMtd1uLUM8XOTGzVWacw8iGY+CTtBKqyA+AE6/bDwZvEwVtsKtC
    51. 

  51. QJ85ioEpy00NioqcF0WyMZH80uMsPycfpnl5uF7RkW8u
    52. 

  52. -----END CERTIFICATE-----
    53. 

  53. `
    54. 

  54. 	pkcs12Key = `-----BEGIN PRIVATE KEY-----
    55. 

  55. MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC3o6/JdZEqNbqN
    56. 

  56. RkopHhJtJG5c4qS5d0tQ/kZYpfD/v/izAYum4NzjaG15owr92/11W0pxPUliRLti
    57. 

  57. 3y6iScTs+ofm2D7p4UXj/Fnho/2xoWSOoWAodgvWY8jh8A0LQALZiV/9QsrJdXZd
    58. 

  58. S47DYZLsQ3z9yFC/CdXkg1l7AQ3fIVGKdrQBr9kE1gEDqnKfRxXI8DEQKXr+CKPU
    59. 

  59. wCAytegmy0SHp53zNAvY+kopHytzmJpXLoEhxq4eugHe52vXHdh/HJ9VjNp0xOH1
    60. 

  60. waAgAGxHlltCW0PVd5AJ0SXROBS/a3V9sZCbCrJaYOOonQSEswveSv6PcG9AHvpN
    61. 

  61. Pot2Xs6hAgMBAAECggEACTGPrmVNZDCWa1Y2hkJ0J7SoNcw+9O4M/jwMp4l/PD6P
    62. 

  62. I98S78LYLCZhPLK17SmjUcnFO1AXKW1JeFS2D/fjfP256guvcqQNjLFoioxcOhVb
    63. 

  63. ZGyd1Mi8JPqP5wfOj16gBeYDwTkjz9wqldcfiZaL9XoXetkZecbzR2JwC2FtIVuC
    64. 

  64. 0njTjMNYpaBKnoLb8OTR0EQz7lYEo2MkQiWryz8wseONnFmdfh18p+p10YgCbuCH
    65. 

  65. qesrWfDLLxaxZelNtDhDngg9LoCLmarYy7BgShacmUEgJTZ/x3xFC75thK3ln0OY
    66. 

  66. +ktTgvVotYYaZi7qAjQiEsTvkTAPg5RMpQLd2UIWsQKBgQDCBp+1vURbwGzmTNUg
    67. 

  67. HMipD6WDFdLc9DCacx6+ZqsEPTMWQbCpVZrDKiY0Rjt5F+xOCyMr00J5RDJXRC0G
    68. 

  68. +L7NcJdywOFutT7vB+cmETg7l/6PHweNYBnE66706eTL/KVYZMi4tEinarPWhHmL
    69. 

  69. jasfdLANtpDjdWkRt299TkPRbQKBgQDyS8Rr7KZdv04Csqkf+ASmiJpT5R6Y72kc
    70. 

  70. 3XYpKETyB2FyPZkuh/zInMut9SkkSI9O/jA3zf956jj6sF1DHvp7T8KkIp5OAQeD
    71. 

  71. J9AF65m2MnZfHFUeJ6ZQsggwMWqrD0ycIWP7YWtiBHH+D1wGkjYrssq+bvG/yNpA
    72. 

  72. LtqdKq9lhQKBgQCZA2hIhy61vRckuEsLvCdzTGeW7UsR/XGnHEqOlaEhArKbRsrv
    73. 

  73. gBdA+qiOaSTV5svw8E+YbE7sG6AnuhhYeyreEYEeeoZOLJmpIG5mUwYp2UBj1nC6
    74. 

  74. SaOI7OVZOGu7g09SWokBQQxbG4cgEfFY4Sym7fs5lVTGTP3Dfwppo6NQMQKBgQCo
    75. 

  75. J5NDP3Lafwk58BpV+H/pv8YzUUDh7M2rXbtCpxLqUdr8OOnVlEUISWFF8m5CIyVq
    76. 

  76. MhjuscWLK9Wtjba7/YTjDaDM3sW05xv6lyfU5ATCoNTr/zLHgcb4HAZ4w+L+otiN
    77. 

  77. RtMnxB2NYf5mzuwUF2cG/secUEzwyAlIH/xStSwTLQKBgQCRvqF+rqxnegoOgwVW
    78. 

  78. qrWPv06wXD8dW2FlPpY5GXqA0l6erSK3YsQQToRmbem9ibPD7bd5P4gNbWfxwK4C
    79. 

  79. Wt+1Rcb8OrDhDJbYz85bXBnPecKp4EN0b9SHO0/dsCqn2w30emc+9T/4m1ZDkpBd
    80. 

  80. BixHvI/EJ8YK3ta5WdJWKC6hnA==
    81. 

  81. -----END PRIVATE KEY-----
    82. 

  82. `
    83. 

  83. 	jwkPubRSA     = `{"kid":"ex","kty":"RSA","key_ops":["sign","verify","wrapKey","unwrapKey","encrypt","decrypt"],"n":"p2VQo8qCfWAZmdWBVaYuYb-a-tWWm78K6Sr9poCvNcmv8rUPSLACxitQWR8gZaSH1DklVkqz-Ed8Cdlf8lkDg4Ex5tkB64jRdC1Uvn4CDpOH6cp-N2s8hTFLqy9_YaDmyQS7HiqthOi9oVjil1VMeWfaAbClGtFt6UnKD0Vb_DvLoWYQSqlhgBArFJi966b4E1pOq5Ad02K8pHBDThlIIx7unibLehhDU6q3DCwNH_OOLx6bgNtmvGYJDd1cywpkLQ3YzNCUPWnfMBJRP3iQP_WI21uP6cvo0DqBPBM4wvVzHbCT0vnIflwkbgEWkq1FprqAitZlop9KjLqzjp9vyQ","e":"AQAB"}`
    84. 

  84. 	jwkPubRSAPKIX = `-----BEGIN PUBLIC KEY-----
    85. 

  85. MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2VQo8qCfWAZmdWBVaYu
    86. 

  86. Yb+a+tWWm78K6Sr9poCvNcmv8rUPSLACxitQWR8gZaSH1DklVkqz+Ed8Cdlf8lkD
    87. 

  87. g4Ex5tkB64jRdC1Uvn4CDpOH6cp+N2s8hTFLqy9/YaDmyQS7HiqthOi9oVjil1VM
    88. 

  88. eWfaAbClGtFt6UnKD0Vb/DvLoWYQSqlhgBArFJi966b4E1pOq5Ad02K8pHBDThlI
    89. 

  89. Ix7unibLehhDU6q3DCwNH/OOLx6bgNtmvGYJDd1cywpkLQ3YzNCUPWnfMBJRP3iQ
    90. 

  90. P/WI21uP6cvo0DqBPBM4wvVzHbCT0vnIflwkbgEWkq1FprqAitZlop9KjLqzjp9v
    91. 

  91. yQIDAQAB
    92. 

  92. -----END PUBLIC KEY-----
    93. 

  93. `
    94. 

  94. 	jwkPrivRSA      = `{"kty" : "RSA","kid" : "cc34c0a0-bd5a-4a3c-a50d-a2a7db7643df","use" : "sig","n"   : "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w","e"   : "AQAB","d"   : "ksDmucdMJXkFGZxiomNHnroOZxe8AmDLDGO1vhs-POa5PZM7mtUPonxwjVmthmpbZzla-kg55OFfO7YcXhg-Hm2OWTKwm73_rLh3JavaHjvBqsVKuorX3V3RYkSro6HyYIzFJ1Ek7sLxbjDRcDOj4ievSX0oN9l-JZhaDYlPlci5uJsoqro_YrE0PRRWVhtGynd-_aWgQv1YzkfZuMD-hJtDi1Im2humOWxA4eZrFs9eG-whXcOvaSwO4sSGbS99ecQZHM2TcdXeAs1PvjVgQ_dKnZlGN3lTWoWfQP55Z7Tgt8Nf1q4ZAKd-NlMe-7iqCFfsnFwXjSiaOa2CRGZn-Q","p"   : "4A5nU4ahEww7B65yuzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ--wwfpRwHvSxtNU9qXb8ewo-BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3InKF4JvIlchyqs0RQ8wx7lULqwnn0","q"   : "ven83GM6SfrmO-TBHbjTk6JhP_3CMsIvmSdo4KrbQNvp4vHO3w1_0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEBpxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA-k4UoH_eQmGKGK44TRzYj5hZYGWIC8","dp"  : "lmmU_AG5SGxBhJqb8wxfNXDPJjf__i92BgJT2Vp4pskBbr5PGoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ-m0_XSWx13v9t9DIbheAtgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpE","dq"  : "mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe__EjuCBbwHfcT8OG3hWOv8vpzokQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p-AF2p6Yfahscjtq-GY9cB85NxLy2IXCC0PF--Sq9LOrTE9QV988SJy_yUrAjcZ5MmECk","qi"  : "ldHXIrEmMZVaNwGzDF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uYiqewXfCKw_UngrJt8Xwfq1Zruz0YY869zPN4GiE9-9rzdZB33RBw8kIOquY3MK74FMwCihYx_LiU2YTHkaoJ3ncvtvg"}`
    95. 

  95. 	jwkPrivRSAPKCS8 = `-----BEGIN PRIVATE KEY-----
    96. 

  96. MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQCmN2yzxloN8Qfo
    97. 

  97. rpTsZ5bafEOpHgg/Tj1+TV8rSWd2KZswxUF0+/+FKmbxPwS0EPGtR2LU4dl8yFSL
    98. 

  98. EZq637edDgYb2czbj2jGEK3Gqo28ReuZBEapzPIvG6H58qf0WD76FL1SlrMel9UA
    99. 

  99. WcHloJ9eg2E+4jygHLIUowpo5WAc2o/k0ESppuIt+1kPdb+WwUI8a7OvhWnRhLvN
    100. 

  100. LaENhJwLag4y7isZTUtwxl/f2nfXncKrttLZeHpj6/DmnDMVhl2NDEOfzHwEbd8n
    101. 

  101. qPxMYtdCxsofXbXz8dxQlG8zB2ltRAbme8DYZdWoup3CnTngvOT38H9/WVWuY4q4
    102. 

  102. eNM0erjzAgMBAAECggEBAJLA5rnHTCV5BRmcYqJjR566DmcXvAJgywxjtb4bPjzm
    103. 

  103. uT2TO5rVD6J8cI1ZrYZqW2c5WvpIOeThXzu2HF4YPh5tjlkysJu9/6y4dyWr2h47
    104. 

  104. warFSrqK191d0WJEq6Oh8mCMxSdRJO7C8W4w0XAzo+Inr0l9KDfZfiWYWg2JT5XI
    105. 

  105. ubibKKq6P2KxND0UVlYbRsp3fv2loEL9WM5H2bjA/oSbQ4tSJtobpjlsQOHmaxbP
    106. 

  106. XhvsIV3Dr2ksDuLEhm0vfXnEGRzNk3HV3gLNT741YEP3Sp2ZRjd5U1qFn0D+eWe0
    107. 

  107. 4LfDX9auGQCnfjZTHvu4qghX7JxcF40omjmtgkRmZ/kCgYEA4A5nU4ahEww7B65y
    108. 

  108. uzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ++wwf
    109. 

  109. pRwHvSxtNU9qXb8ewo+BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3In
    110. 

  110. KF4JvIlchyqs0RQ8wx7lULqwnn0CgYEAven83GM6SfrmO+TBHbjTk6JhP/3CMsIv
    111. 

  111. mSdo4KrbQNvp4vHO3w1/0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEB
    112. 

  112. pxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA+k4UoH/eQmGKGK44TRz
    113. 

  113. Yj5hZYGWIC8CgYEAlmmU/AG5SGxBhJqb8wxfNXDPJjf//i92BgJT2Vp4pskBbr5P
    114. 

  114. GoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ+m0/XSWx13v9t9DIbheA
    115. 

  115. tgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpECgYEA
    116. 

  116. mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe//EjuCBbwHfcT8OG3hWOv8vpzo
    117. 

  117. kQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p+AF2p6Yfahscjtq+GY9cB85Nx
    118. 

  118. Ly2IXCC0PF++Sq9LOrTE9QV988SJy/yUrAjcZ5MmECkCgYEAldHXIrEmMZVaNwGz
    119. 

  119. DF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uY
    120. 

  120. iqewXfCKw/UngrJt8Xwfq1Zruz0YY869zPN4GiE9+9rzdZB33RBw8kIOquY3MK74
    121. 

  121. FMwCihYx/LiU2YTHkaoJ3ncvtvg=
    122. 

  122. -----END PRIVATE KEY-----
    123. 

  123. `
    124. 

  124. 	jwkPubEC     = `{"kid":"https://kv-test-mj.vault.azure.net/keys/ec-p-521/e3d0e9c179b54988860c69c6ae172c65","kty":"EC","key_ops":["sign","verify"],"crv":"P-521","x":"AedOAtb7H7Oz1C_cPKI_R4CN_eai5nteY6KFW07FOoaqgQfVCSkQDK22fCOiMT_28c8LZYJRsiIFz_IIbQUW7bXj","y":"AOnchHnmBphIWXvanmMAmcCDkaED6ycW8GsAl9fQ43BMVZTqcTkJYn6vGnhn7MObizmkNSmgZYTwG-vZkIg03HHs"}`
    125. 

  125. 	jwkPubECPKIX = `-----BEGIN PUBLIC KEY-----
    126. 

  126. MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQB504C1vsfs7PUL9w8oj9HgI395qLm
    127. 

  127. e15jooVbTsU6hqqBB9UJKRAMrbZ8I6IxP/bxzwtlglGyIgXP8ghtBRbtteMA6dyE
    128. 

  128. eeYGmEhZe9qeYwCZwIORoQPrJxbwawCX19DjcExVlOpxOQlifq8aeGfsw5uLOaQ1
    129. 

  129. KaBlhPAb69mQiDTccew=
    130. 

  130. -----END PUBLIC KEY-----
    131. 

  131. `
    132. 

  132. 	jwkPrivEC      = `{"kty": "EC","kid": "rie3pHe8u8gjSa0IaJfqk7_iEfHeYfDYx-Bqi7vQc0s","crv": "P-256","x": "fDjg3Nq4jPf8IOZ0277aPVal_8iXySnzLUJAZghUzZM","y": "d863PeyBOK_Q4duiSmWwgIRzi1RPlFZTR-vACMlPg-Q","d": "jJs5xsoHUetdMabtt8H2KyX5T92nGul1chFeMT5hlr0"}`
    133. 

  133. 	jwkPrivECPKCS8 = `-----BEGIN PRIVATE KEY-----
    134. 

  134. MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgjJs5xsoHUetdMabt
    135. 

  135. t8H2KyX5T92nGul1chFeMT5hlr2hRANCAAR8OODc2riM9/wg5nTbvto9VqX/yJfJ
    136. 

  136. KfMtQkBmCFTNk3fOtz3sgTiv0OHbokplsICEc4tUT5RWU0frwAjJT4Pk
    137. 

  137. -----END PRIVATE KEY-----
    138. 

  138. `
    139. 

  139. )
    140. 

  140. 

  141. func TestExecute(t *testing.T) {
    142. 

  142. 	tbl := []struct {
    143. 

  143. 		name                string
    144. 

  144. 		tpl                 map[string][]byte
    145. 

  145. 		labelsTpl           map[string][]byte
    146. 

  146. 		annotationsTpl      map[string][]byte
    147. 

  147. 		stringDataTpl       map[string][]byte
    148. 

  148. 		data                map[string][]byte
    149. 

  149. 		expectedData        map[string][]byte
    150. 

  150. 		expectedStringData  map[string]string
    151. 

  151. 		expectedLabels      map[string]string
    152. 

  152. 		expectedAnnotations map[string]string
    153. 

  153. 		leftDelimiter       string
    154. 

  154. 		rightDelimiter      string
    155. 

  155. 		expErr              string
    156. 

  156. 		expLblErr           string
    157. 

  157. 		expAnnoErr          string
    158. 

  158. 		expStrErr           string
    159. 

  159. 	}{
    160. 

  160. 		{
    161. 

  161. 			name:           "test empty",
    162. 

  162. 			tpl:            nil,
    163. 

  163. 			labelsTpl:      nil,
    164. 

  164. 			annotationsTpl: nil,
    165. 

  165. 			data:           nil,
    166. 

  166. 		},
    167. 

  167. 		{
    168. 

  168. 			name: "b64dec func",
    169. 

  169. 			tpl: map[string][]byte{
    170. 

  170. 				"foo": []byte("{{ .secret | b64dec }}"),
    171. 

  171. 			},
    172. 

  172. 			data: map[string][]byte{
    173. 

  173. 				"secret": []byte("MTIzNA=="),
    174. 

  174. 			},
    175. 

  175. 			expectedData: map[string][]byte{
    176. 

  176. 				"foo": []byte("1234"),
    177. 

  177. 			},
    178. 

  178. 		},
    179. 

  179. 		{
    180. 

  180. 			name: "fromJson func",
    181. 

  181. 			tpl: map[string][]byte{
    182. 

  182. 				"foo": []byte("{{ $var := .secret | fromJson }}{{ $var.foo }}"),
    183. 

  183. 			},
    184. 

  184. 			data: map[string][]byte{
    185. 

  185. 				"secret": []byte(`{"foo": "bar"}`),
    186. 

  186. 			},
    187. 

  187. 			expectedData: map[string][]byte{
    188. 

  188. 				"foo": []byte("bar"),
    189. 

  189. 			},
    190. 

  190. 		},
    191. 

  191. 		{
    192. 

  192. 			name: "from & toJson func",
    193. 

  193. 			tpl: map[string][]byte{
    194. 

  194. 				"foo": []byte("{{ $var := .secret | fromJson }}{{ $var.foo | toJson }}"),
    195. 

  195. 			},
    196. 

  196. 			data: map[string][]byte{
    197. 

  197. 				"secret": []byte(`{"foo": {"baz":"bang"}}`),
    198. 

  198. 			},
    199. 

  199. 			expectedData: map[string][]byte{
    200. 

  200. 				"foo": []byte(`{"baz":"bang"}`),
    201. 

  201. 			},
    202. 

  202. 		},
    203. 

  203. 		{
    204. 

  204. 			name: "fromJson & toYaml func",
    205. 

  205. 			tpl: map[string][]byte{
    206. 

  206. 				"foo": []byte("{{ $var := .secret | fromJson | toYaml }}{{ $var }}"),
    207. 

  207. 			},
    208. 

  208. 			data: map[string][]byte{
    209. 

  209. 				"secret": []byte(`{"foo": "bar"}`),
    210. 

  210. 			},
    211. 

  211. 			expectedData: map[string][]byte{
    212. 

  212. 				"foo": []byte(`foo: bar`),
    213. 

  213. 			},
    214. 

  214. 		},
    215. 

  215. 		{
    216. 

  216. 			name: "fromYaml & toJson func",
    217. 

  217. 			tpl: map[string][]byte{
    218. 

  218. 				"foo": []byte("{{ $var := .secret | fromYaml | toJson }}{{ $var }}"),
    219. 

  219. 			},
    220. 

  220. 			data: map[string][]byte{
    221. 

  221. 				"secret": []byte(`foo: bar`),
    222. 

  222. 			},
    223. 

  223. 			expectedData: map[string][]byte{
    224. 

  224. 				"foo": []byte(`{"foo":"bar"}`),
    225. 

  225. 			},
    226. 

  226. 		},
    227. 

  227. 		{
    228. 

  228. 			name: "use sprig functions",
    229. 

  229. 			tpl: map[string][]byte{
    230. 

  230. 				"foo": []byte(`{{ .path | ext }}`),
    231. 

  231. 			},
    232. 

  232. 			data: map[string][]byte{
    233. 

  233. 				"path": []byte(`foo/bar/baz.exe`),
    234. 

  234. 			},
    235. 

  235. 			expectedData: map[string][]byte{
    236. 

  236. 				"foo": []byte(`.exe`),
    237. 

  237. 			},
    238. 

  238. 		},
    239. 

  239. 		{
    240. 

  240. 			name: "use replace function",
    241. 

  241. 			tpl: map[string][]byte{
    242. 

  242. 				"foo": []byte(`{{ .conn | replace "postgres://" "db+postgresql://"}}`),
    243. 

  243. 			},
    244. 

  244. 			data: map[string][]byte{
    245. 

  245. 				"conn": []byte(`postgres://user:pass@db.host:5432/dbname`),
    246. 

  246. 			},
    247. 

  247. 			expectedData: map[string][]byte{
    248. 

  248. 				"foo": []byte(`db+postgresql://user:pass@db.host:5432/dbname`),
    249. 

  249. 			},
    250. 

  250. 		},
    251. 

  251. 		{
    252. 

  252. 			name: "use upper function",
    253. 

  253. 			tpl: map[string][]byte{
    254. 

  254. 				"foo": []byte(`{{ .value | upper }}`),
    255. 

  255. 			},
    256. 

  256. 			data: map[string][]byte{
    257. 

  257. 				"value": []byte(`username`),
    258. 

  258. 			},
    259. 

  259. 			expectedData: map[string][]byte{
    260. 

  260. 				"foo": []byte(`USERNAME`),
    261. 

  261. 			},
    262. 

  262. 		},
    263. 

  263. 		{
    264. 

  264. 			name: "multiline template",
    265. 

  265. 			tpl: map[string][]byte{
    266. 

  266. 				"cfg": []byte(`
    267. 

  267. 		datasources:
    268. 

  268. 		- name: Graphite
    269. 

  269. 			type: graphite
    270. 

  270. 			access: proxy
    271. 

  271. 			url: http://localhost:8080
    272. 

  272. 			password: "{{ .password }}"
    273. 

  273. 			user: "{{ .user }}"`),
    274. 

  274. 			},
    275. 

  275. 			data: map[string][]byte{
    276. 

  276. 				"user":     []byte(`foobert`),
    277. 

  277. 				"password": []byte("harharhar"),
    278. 

  278. 			},
    279. 

  279. 			expectedData: map[string][]byte{
    280. 

  280. 				"cfg": []byte(`
    281. 

  281. 		datasources:
    282. 

  282. 		- name: Graphite
    283. 

  283. 			type: graphite
    284. 

  284. 			access: proxy
    285. 

  285. 			url: http://localhost:8080
    286. 

  286. 			password: "harharhar"
    287. 

  287. 			user: "foobert"`),
    288. 

  288. 			},
    289. 

  289. 		},
    290. 

  290. 		{
    291. 

  291. 			name: "base64 pipeline",
    292. 

  292. 			tpl: map[string][]byte{
    293. 

  293. 				"foo": []byte(`{{ "123412341234" | b64enc | b64dec }}`),
    294. 

  294. 			},
    295. 

  295. 			data: map[string][]byte{},
    296. 

  296. 			expectedData: map[string][]byte{
    297. 

  297. 				"foo": []byte("123412341234"),
    298. 

  298. 			},
    299. 

  299. 		},
    300. 

  300. 		{
    301. 

  301. 			name: "base64 pkcs12 extract",
    302. 

  302. 			tpl: map[string][]byte{
    303. 

  303. 				"key":  []byte(`{{ .secret | b64dec | pkcs12key }}`),
    304. 

  304. 				"cert": []byte(`{{ .secret | b64dec | pkcs12cert }}`),
    305. 

  305. 			},
    306. 

  306. 			data: map[string][]byte{
    307. 

  307. 				"secret": []byte(pkcs12ContentNoPass),
    308. 

  308. 			},
    309. 

  309. 			expectedData: map[string][]byte{
    310. 

  310. 				"key":  []byte(pkcs12Key),
    311. 

  311. 				"cert": []byte(pkcs12Cert),
    312. 

  312. 			},
    313. 

  313. 		},
    314. 

  314. 		{
    315. 

  315. 			name: "base64 pkcs12 extract with password",
    316. 

  316. 			tpl: map[string][]byte{
    317. 

  317. 				"key":  []byte(`{{ .secret | b64dec | pkcs12keyPass "123456" }}`),
    318. 

  318. 				"cert": []byte(`{{ .secret | b64dec | pkcs12certPass "123456" }}`),
    319. 

  319. 			},
    320. 

  320. 			data: map[string][]byte{
    321. 

  321. 				"secret": []byte(pkcs12ContentWithPass),
    322. 

  322. 			},
    323. 

  323. 			expectedData: map[string][]byte{
    324. 

  324. 				"key":  []byte(pkcs12Key),
    325. 

  325. 				"cert": []byte(pkcs12Cert),
    326. 

  326. 			},
    327. 

  327. 		},
    328. 

  328. 		{
    329. 

  329. 			name: "base64 decode error",
    330. 

  330. 			tpl: map[string][]byte{
    331. 

  331. 				"key": []byte(`{{ .example | b64dec }}`),
    332. 

  332. 			},
    333. 

  333. 			data: map[string][]byte{
    334. 

  334. 				"example": []byte("iam_no_base64"),
    335. 

  335. 			},
    336. 

  336. 			expErr: "", // silent error
    337. 

  337. 		},
    338. 

  338. 		{
    339. 

  339. 			name: "pkcs12 key wrong password",
    340. 

  340. 			tpl: map[string][]byte{
    341. 

  341. 				"key": []byte(`{{ .secret | b64dec | pkcs12keyPass "wrong" }}`),
    342. 

  342. 			},
    343. 

  343. 			data: map[string][]byte{
    344. 

  344. 				"secret": []byte(pkcs12ContentWithPass),
    345. 

  345. 			},
    346. 

  346. 			expErr: "unable to decode pkcs12",
    347. 

  347. 		},
    348. 

  348. 		{
    349. 

  349. 			name: "pkcs12 cert wrong password",
    350. 

  350. 			tpl: map[string][]byte{
    351. 

  351. 				"cert": []byte(`{{ .secret | b64dec | pkcs12certPass "wrong" }}`),
    352. 

  352. 			},
    353. 

  353. 			data: map[string][]byte{
    354. 

  354. 				"secret": []byte(pkcs12ContentWithPass),
    355. 

  355. 			},
    356. 

  356. 			expErr: "unable to decode pkcs12",
    357. 

  357. 		},
    358. 

  358. 		{
    359. 

  359. 			name: "fromJson error",
    360. 

  360. 			tpl: map[string][]byte{
    361. 

  361. 				"key": []byte(`{{ "{ # no json # }" | fromJson }}`),
    362. 

  362. 			},
    363. 

  363. 			data:   map[string][]byte{},
    364. 

  364. 			expErr: "", // silent error
    365. 

  365. 		},
    366. 

  366. 		{
    367. 

  367. 			name: "template syntax error",
    368. 

  368. 			tpl: map[string][]byte{
    369. 

  369. 				"key": []byte(`{{ #xx }}`),
    370. 

  370. 			},
    371. 

  371. 			data:   map[string][]byte{},
    372. 

  372. 			expErr: "unable to parse template",
    373. 

  373. 		},
    374. 

  374. 		{
    375. 

  375. 			name: "unknown key error",
    376. 

  376. 			tpl: map[string][]byte{
    377. 

  377. 				"key": []byte(`{{ .unknown }}`),
    378. 

  378. 			},
    379. 

  379. 			data:   map[string][]byte{},
    380. 

  380. 			expErr: "unable to execute template at key key",
    381. 

  381. 		},
    382. 

  382. 		{
    383. 

  383. 			name: "jwk rsa pub pem",
    384. 

  384. 			tpl: map[string][]byte{
    385. 

  385. 				"fn": []byte(`{{ .secret | jwkPublicKeyPem }}`),
    386. 

  386. 			},
    387. 

  387. 			data: map[string][]byte{
    388. 

  388. 				"secret": []byte(jwkPubRSA),
    389. 

  389. 			},
    390. 

  390. 			expectedData: map[string][]byte{
    391. 

  391. 				"fn": []byte(jwkPubRSAPKIX),
    392. 

  392. 			},
    393. 

  393. 		},
    394. 

  394. 		{
    395. 

  395. 			name: "jwk rsa priv pem",
    396. 

  396. 			tpl: map[string][]byte{
    397. 

  397. 				"fn": []byte(`{{ .secret | jwkPrivateKeyPem }}`),
    398. 

  398. 			},
    399. 

  399. 			data: map[string][]byte{
    400. 

  400. 				"secret": []byte(jwkPrivRSA),
    401. 

  401. 			},
    402. 

  402. 			expectedData: map[string][]byte{
    403. 

  403. 				"fn": []byte(jwkPrivRSAPKCS8),
    404. 

  404. 			},
    405. 

  405. 		},
    406. 

  406. 		{
    407. 

  407. 			name: "jwk ecdsa pub pem",
    408. 

  408. 			tpl: map[string][]byte{
    409. 

  409. 				"fn": []byte(`{{ .secret | jwkPublicKeyPem }}`),
    410. 

  410. 			},
    411. 

  411. 			data: map[string][]byte{
    412. 

  412. 				"secret": []byte(jwkPubEC),
    413. 

  413. 			},
    414. 

  414. 			expectedData: map[string][]byte{
    415. 

  415. 				"fn": []byte(jwkPubECPKIX),
    416. 

  416. 			},
    417. 

  417. 		},
    418. 

  418. 		{
    419. 

  419. 			name: "jwk ecdsa priv pem",
    420. 

  420. 			tpl: map[string][]byte{
    421. 

  421. 				"fn": []byte(`{{ .secret | jwkPrivateKeyPem }}`),
    422. 

  422. 			},
    423. 

  423. 			data: map[string][]byte{
    424. 

  424. 				"secret": []byte(jwkPrivEC),
    425. 

  425. 			},
    426. 

  426. 			expectedData: map[string][]byte{
    427. 

  427. 				"fn": []byte(jwkPrivECPKCS8),
    428. 

  428. 			},
    429. 

  429. 		},
    430. 

  430. 		{
    431. 

  431. 			name: "filter pem certificate",
    432. 

  432. 			tpl: map[string][]byte{
    433. 

  433. 				"fn": []byte(`{{ .secret | filterPEM "CERTIFICATE" }}`),
    434. 

  434. 			},
    435. 

  435. 			data: map[string][]byte{
    436. 

  436. 				"secret": []byte(jwkPrivRSAPKCS8 + pkcs12Cert),
    437. 

  437. 			},
    438. 

  438. 			expectedData: map[string][]byte{
    439. 

  439. 				"fn": []byte(pkcs12Cert),
    440. 

  440. 			},
    441. 

  441. 		},
    442. 

  442. 		{
    443. 

  443. 			name: "labels",
    444. 

  444. 			tpl: map[string][]byte{
    445. 

  445. 				"foo": []byte("{{ .secret | b64dec }}"),
    446. 

  446. 			},
    447. 

  447. 			labelsTpl: map[string][]byte{
    448. 

  448. 				"bar": []byte("{{ .env | b64dec }}"),
    449. 

  449. 			},
    450. 

  450. 			data: map[string][]byte{
    451. 

  451. 				"secret": []byte("MTIzNA=="),
    452. 

  452. 				"env":    []byte("ZGV2"),
    453. 

  453. 			},
    454. 

  454. 			expectedData: map[string][]byte{
    455. 

  455. 				"foo": []byte("1234"),
    456. 

  456. 			},
    457. 

  457. 			expectedLabels: map[string]string{
    458. 

  458. 				"bar": "dev",
    459. 

  459. 			},
    460. 

  460. 		},
    461. 

  461. 		{
    462. 

  462. 			name: "annotations",
    463. 

  463. 			tpl: map[string][]byte{
    464. 

  464. 				"foo": []byte("{{ .secret | b64dec }}"),
    465. 

  465. 			},
    466. 

  466. 			annotationsTpl: map[string][]byte{
    467. 

  467. 				"bar": []byte("{{ .env | b64dec }}"),
    468. 

  468. 			},
    469. 

  469. 			data: map[string][]byte{
    470. 

  470. 				"secret": []byte("MTIzNA=="),
    471. 

  471. 				"env":    []byte("ZGV2"),
    472. 

  472. 			},
    473. 

  473. 			expectedData: map[string][]byte{
    474. 

  474. 				"foo": []byte("1234"),
    475. 

  475. 			},
    476. 

  476. 			expectedAnnotations: map[string]string{
    477. 

  477. 				"bar": "dev",
    478. 

  478. 			},
    479. 

  479. 		},
    480. 

  480. 		{
    481. 

  481. 			name: "stringData",
    482. 

  482. 			stringDataTpl: map[string][]byte{
    483. 

  483. 				"foo": []byte("{{ .secret | b64dec }}"),
    484. 

  484. 			},
    485. 

  485. 			data: map[string][]byte{
    486. 

  486. 				"secret": []byte("MTIzNA=="),
    487. 

  487. 				"env":    []byte("ZGV2"),
    488. 

  488. 			},
    489. 

  489. 			expectedStringData: map[string]string{
    490. 

  490. 				"foo": "1234",
    491. 

  491. 			},
    492. 

  492. 		},
    493. 

  493. 		{
    494. 

  494. 			name: "NonStandardDelimiters",
    495. 

  495. 			stringDataTpl: map[string][]byte{
    496. 

  496. 				"foo": []byte("<< .secret | b64dec >>"),
    497. 

  497. 			},
    498. 

  498. 			leftDelimiter:  "<<",
    499. 

  499. 			rightDelimiter: ">>",
    500. 

  500. 			data: map[string][]byte{
    501. 

  501. 				"secret": []byte("MTIzNA=="),
    502. 

  502. 				"env":    []byte("ZGV2"),
    503. 

  503. 			},
    504. 

  504. 			expectedStringData: map[string]string{
    505. 

  505. 				"foo": "1234",
    506. 

  506. 			},
    507. 

  507. 		},
    508. 

  508. 	}
    509. 

  509. 

  510. 	for i := range tbl {
    511. 

  511. 		row := tbl[i]
    512. 

  512. 		t.Run(row.name, func(t *testing.T) {
    513. 

  513. 			sec := &corev1.Secret{
    514. 

  514. 				Data:       make(map[string][]byte),
    515. 

  515. 				StringData: make(map[string]string),
    516. 

  516. 				ObjectMeta: v1.ObjectMeta{Labels: make(map[string]string), Annotations: make(map[string]string)},
    517. 

  517. 			}
    518. 

  518. 			oldLeftDelim := leftDelim
    519. 

  519. 			oldRightDelim := rightDelim
    520. 

  520. 			if row.leftDelimiter != "" {
    521. 

  521. 				leftDelim = row.leftDelimiter
    522. 

  522. 			}
    523. 

  523. 			if row.rightDelimiter != "" {
    524. 

  524. 				rightDelim = row.rightDelimiter
    525. 

  525. 			}
    526. 

  526. 			defer func() {
    527. 

  527. 				leftDelim = oldLeftDelim
    528. 

  528. 				rightDelim = oldRightDelim
    529. 

  529. 			}()
    530. 

  530. 			err := Execute(row.tpl, row.data, esapi.TemplateScopeValues, esapi.TemplateTargetData, sec)
    531. 

  531. 			if !ErrorContains(err, row.expErr) {
    532. 

  532. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    533. 

  533. 			}
    534. 

  534. 			err = Execute(row.labelsTpl, row.data, esapi.TemplateScopeValues, esapi.TemplateTargetLabels, sec)
    535. 

  535. 			if !ErrorContains(err, row.expLblErr) {
    536. 

  536. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    537. 

  537. 			}
    538. 

  538. 			err = Execute(row.annotationsTpl, row.data, esapi.TemplateScopeValues, esapi.TemplateTargetAnnotations, sec)
    539. 

  539. 			if !ErrorContains(err, row.expAnnoErr) {
    540. 

  540. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    541. 

  541. 			}
    542. 

  542. 			if row.expectedData != nil {
    543. 

  543. 				assert.EqualValues(t, row.expectedData, sec.Data)
    544. 

  544. 			}
    545. 

  545. 			if row.expectedLabels != nil {
    546. 

  546. 				assert.EqualValues(t, row.expectedLabels, sec.ObjectMeta.Labels)
    547. 

  547. 			}
    548. 

  548. 			if row.expectedAnnotations != nil {
    549. 

  549. 				assert.EqualValues(t, row.expectedAnnotations, sec.ObjectMeta.Annotations)
    550. 

  550. 			}
    551. 

  551. 		})
    552. 

  552. 	}
    553. 

  553. }
    554. 

  554. 

  555. func TestScopeValuesWithSecretFieldsNil(t *testing.T) {
    556. 

  556. 	tbl := []struct {
    557. 

  557. 		name               string
    558. 

  558. 		tpl                map[string][]byte
    559. 

  559. 		target             esapi.TemplateTarget
    560. 

  560. 		data               map[string][]byte
    561. 

  561. 		expectedData       map[string][]byte
    562. 

  562. 		expectedStringData map[string]string
    563. 

  563. 		expErr             string
    564. 

  564. 	}{
    565. 

  565. 		{
    566. 

  566. 			name:   "test empty",
    567. 

  567. 			tpl:    map[string][]byte{},
    568. 

  568. 			target: esapi.TemplateTargetData,
    569. 

  569. 			data:   nil,
    570. 

  570. 		},
    571. 

  571. 		{
    572. 

  572. 			name:   "test byte",
    573. 

  573. 			tpl:    map[string][]byte{"foo": []byte("bar")},
    574. 

  574. 			target: esapi.TemplateTargetData,
    575. 

  575. 			data: map[string][]byte{
    576. 

  576. 				"key":   []byte("foo"),
    577. 

  577. 				"value": []byte("bar"),
    578. 

  578. 			},
    579. 

  579. 			expectedData: map[string][]byte{
    580. 

  580. 				"foo": []byte("bar"),
    581. 

  581. 			},
    582. 

  582. 		},
    583. 

  583. 		{
    584. 

  584. 			name:   "test Annotations",
    585. 

  585. 			tpl:    map[string][]byte{"foo": []byte("bar")},
    586. 

  586. 			target: esapi.TemplateTargetAnnotations,
    587. 

  587. 			data: map[string][]byte{
    588. 

  588. 				"key":   []byte("foo"),
    589. 

  589. 				"value": []byte("bar"),
    590. 

  590. 			},
    591. 

  591. 			expectedStringData: map[string]string{
    592. 

  592. 				"foo": "bar",
    593. 

  593. 			},
    594. 

  594. 		},
    595. 

  595. 		{
    596. 

  596. 			name:   "test Labels",
    597. 

  597. 			tpl:    map[string][]byte{"foo": []byte("bar")},
    598. 

  598. 			target: esapi.TemplateTargetLabels,
    599. 

  599. 			data: map[string][]byte{
    600. 

  600. 				"key":   []byte("foo"),
    601. 

  601. 				"value": []byte("bar"),
    602. 

  602. 			},
    603. 

  603. 			expectedStringData: map[string]string{
    604. 

  604. 				"foo": "bar",
    605. 

  605. 			},
    606. 

  606. 		},
    607. 

  607. 	}
    608. 

  608. 	for i := range tbl {
    609. 

  609. 		row := tbl[i]
    610. 

  610. 		t.Run(row.name, func(t *testing.T) {
    611. 

  611. 			sec := &corev1.Secret{}
    612. 

  612. 			err := Execute(row.tpl, row.data, esapi.TemplateScopeValues, row.target, sec)
    613. 

  613. 			if !ErrorContains(err, row.expErr) {
    614. 

  614. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    615. 

  615. 			}
    616. 

  616. 			switch row.target {
    617. 

  617. 			case esapi.TemplateTargetData:
    618. 

  618. 				if row.expectedData != nil {
    619. 

  619. 					assert.EqualValues(t, row.expectedData, sec.Data)
    620. 

  620. 				}
    621. 

  621. 			case esapi.TemplateTargetLabels:
    622. 

  622. 				if row.expectedStringData != nil {
    623. 

  623. 					assert.EqualValues(t, row.expectedStringData, sec.Labels)
    624. 

  624. 				}
    625. 

  625. 			case esapi.TemplateTargetAnnotations:
    626. 

  626. 				if row.expectedStringData != nil {
    627. 

  627. 					assert.EqualValues(t, row.expectedStringData, sec.Annotations)
    628. 

  628. 				}
    629. 

  629. 			}
    630. 

  630. 		})
    631. 

  631. 	}
    632. 

  632. }
    633. 

  633. 

  634. func TestExecuteInvalidTemplateScope(t *testing.T) {
    635. 

  635. 	sec := &corev1.Secret{}
    636. 

  636. 	err := Execute(map[string][]byte{"foo": []byte("bar")}, nil, "invalid", esapi.TemplateTargetData, sec)
    637. 

  637. 	require.Error(t, err)
    638. 

  638. 	assert.ErrorContains(t, err, "expected 'Values' or 'KeysAndValues'")
    639. 

  639. }
    640. 

  640. 

  641. func TestScopeKeysAndValues(t *testing.T) {
    642. 

  642. 	tbl := []struct {
    643. 

  643. 		name               string
    644. 

  644. 		tpl                map[string][]byte
    645. 

  645. 		target             esapi.TemplateTarget
    646. 

  646. 		data               map[string][]byte
    647. 

  647. 		expectedData       map[string][]byte
    648. 

  648. 		expectedStringData map[string]string
    649. 

  649. 		expErr             string
    650. 

  650. 	}{
    651. 

  651. 		{
    652. 

  652. 			name:   "test empty",
    653. 

  653. 			tpl:    map[string][]byte{"literal": []byte("")},
    654. 

  654. 			target: "Data",
    655. 

  655. 			data:   nil,
    656. 

  656. 		},
    657. 

  657. 		{
    658. 

  658. 			name:   "test base64",
    659. 

  659. 			tpl:    map[string][]byte{"literal": []byte("{{ .key }}: {{ .value }}")},
    660. 

  660. 			target: esapi.TemplateTargetData,
    661. 

  661. 			data: map[string][]byte{
    662. 

  662. 				"key":   []byte("foo"),
    663. 

  663. 				"value": []byte("bar"),
    664. 

  664. 			},
    665. 

  665. 			expectedData: map[string][]byte{
    666. 

  666. 				"foo": []byte("bar"),
    667. 

  667. 			},
    668. 

  668. 		},
    669. 

  669. 		{
    670. 

  670. 			name:   "test Annotations",
    671. 

  671. 			tpl:    map[string][]byte{"literal": []byte("{{ .key }}: {{ .value }}")},
    672. 

  672. 			target: esapi.TemplateTargetAnnotations,
    673. 

  673. 			data: map[string][]byte{
    674. 

  674. 				"key":   []byte("foo"),
    675. 

  675. 				"value": []byte("bar"),
    676. 

  676. 			},
    677. 

  677. 			expectedStringData: map[string]string{
    678. 

  678. 				"foo": "bar",
    679. 

  679. 			},
    680. 

  680. 		},
    681. 

  681. 		{
    682. 

  682. 			name:   "test Labels",
    683. 

  683. 			tpl:    map[string][]byte{"literal": []byte("{{ .key }}: {{ .value }}")},
    684. 

  684. 			target: esapi.TemplateTargetLabels,
    685. 

  685. 			data: map[string][]byte{
    686. 

  686. 				"key":   []byte("foo"),
    687. 

  687. 				"value": []byte("bar"),
    688. 

  688. 			},
    689. 

  689. 			expectedStringData: map[string]string{
    690. 

  690. 				"foo": "bar",
    691. 

  691. 			},
    692. 

  692. 		},
    693. 

  693. 	}
    694. 

  694. 	for i := range tbl {
    695. 

  695. 		row := tbl[i]
    696. 

  696. 		t.Run(row.name, func(t *testing.T) {
    697. 

  697. 			sec := &corev1.Secret{
    698. 

  698. 				Data:       make(map[string][]byte),
    699. 

  699. 				StringData: make(map[string]string),
    700. 

  700. 				ObjectMeta: v1.ObjectMeta{Labels: make(map[string]string), Annotations: make(map[string]string)},
    701. 

  701. 			}
    702. 

  702. 			err := Execute(row.tpl, row.data, esapi.TemplateScopeKeysAndValues, row.target, sec)
    703. 

  703. 			if !ErrorContains(err, row.expErr) {
    704. 

  704. 				t.Errorf("unexpected error: %s, expected: %s", err, row.expErr)
    705. 

  705. 			}
    706. 

  706. 			switch row.target {
    707. 

  707. 			case esapi.TemplateTargetData:
    708. 

  708. 				if row.expectedData != nil {
    709. 

  709. 					assert.EqualValues(t, row.expectedData, sec.Data)
    710. 

  710. 				}
    711. 

  711. 			case esapi.TemplateTargetLabels:
    712. 

  712. 				if row.expectedStringData != nil {
    713. 

  713. 					assert.EqualValues(t, row.expectedStringData, sec.Labels)
    714. 

  714. 				}
    715. 

  715. 			case esapi.TemplateTargetAnnotations:
    716. 

  716. 				if row.expectedStringData != nil {
    717. 

  717. 					assert.EqualValues(t, row.expectedStringData, sec.Annotations)
    718. 

  718. 				}
    719. 

  719. 			}
    720. 

  720. 		})
    721. 

  721. 	}
    722. 

  722. }
    723. 

  723. func ErrorContains(out error, want string) bool {
    724. 

  724. 	if out == nil {
    725. 

  725. 		return want == ""
    726. 

  726. 	}
    727. 

  727. 	if want == "" {
    728. 

  728. 		return false
    729. 

  729. 	}
    730. 

  730. 	return strings.Contains(out.Error(), want)
    731. 

  731. }
    732. 

  732. 

  733. func TestPkcs12certPass(t *testing.T) {
    734. 

  734. 	const (
    735. 

  735. 		leafCertPath         = "_testdata/foo.crt"
    736. 

  736. 		intermediateCertPath = "_testdata/intermediate-ca.crt"
    737. 

  737. 		rootCertPath         = "_testdata/root-ca.crt"
    738. 

  738. 		disjunctCertPath     = "_testdata/disjunct-root-ca.crt"
    739. 

  739. 	)
    740. 

  740. 	type args struct {
    741. 

  741. 		pass     string
    742. 

  742. 		filename string
    743. 

  743. 	}
    744. 

  744. 	type testCase struct {
    745. 

  745. 		name    string
    746. 

  746. 		args    args
    747. 

  747. 		want    []string
    748. 

  748. 		wantErr bool
    749. 

  749. 	}
    750. 

  750. 	tests := []testCase{
    751. 

  751. 		{
    752. 

  752. 			// this case expects the whole chain to be stored
    753. 

  753. 			// in a single bag.
    754. 

  754. 			// bag(1): leaf/root/intermediate cert
    755. 

  755. 			// bag(2): private key
    756. 

  756. 			name: "read file without password",
    757. 

  757. 			args: args{
    758. 

  758. 				pass:     "",
    759. 

  759. 				filename: "_testdata/foo-nopass.pfx",
    760. 

  760. 			},
    761. 

  761. 			want: []string{
    762. 

  762. 				// this order is important
    763. 

  763. 				leafCertPath,
    764. 

  764. 				intermediateCertPath,
    765. 

  765. 				rootCertPath,
    766. 

  766. 			},
    767. 

  767. 		},
    768. 

  768. 		{
    769. 

  769. 			// same as above but with password
    770. 

  770. 			name: "read file with password",
    771. 

  771. 			args: args{
    772. 

  772. 				pass:     "1234",
    773. 

  773. 				filename: "_testdata/foo-withpass-1234.pfx",
    774. 

  774. 			},
    775. 

  775. 			want: []string{
    776. 

  776. 				// this order is important
    777. 

  777. 				leafCertPath,
    778. 

  778. 				intermediateCertPath,
    779. 

  779. 				rootCertPath,
    780. 

  780. 			},
    781. 

  781. 		},
    782. 

  782. 		{
    783. 

  783. 			// cert chain may be stored in different bags
    784. 

  784. 			// this test case uses a pfx that has the following structure:
    785. 

  785. 			// bag(1): leaf certificate
    786. 

  786. 			// bag(2): root + intermediate cert
    787. 

  787. 			// bag(3): private key
    788. 

  788. 			name: "read multibag cert chain",
    789. 

  789. 			args: args{
    790. 

  790. 				pass:     "",
    791. 

  791. 				filename: "_testdata/foo-multibag-nopass.pfx",
    792. 

  792. 			},
    793. 

  793. 			want: []string{
    794. 

  794. 				// this order is important
    795. 

  795. 				leafCertPath,
    796. 

  796. 				intermediateCertPath,
    797. 

  797. 				rootCertPath,
    798. 

  798. 			},
    799. 

  799. 		},
    800. 

  800. 		{
    801. 

  801. 			// cert chain may contain a disjunct cert
    802. 

  802. 			// bag(1): leaf/root/intermediate/disjunct
    803. 

  803. 			// bag(2): private key
    804. 

  804. 			name: "read disjunct cert chain",
    805. 

  805. 			args: args{
    806. 

  806. 				pass:     "",
    807. 

  807. 				filename: "_testdata/foo-disjunct-nopass.pfx",
    808. 

  808. 			},
    809. 

  809. 			want: []string{
    810. 

  810. 				// this order is important
    811. 

  811. 				leafCertPath,
    812. 

  812. 				rootCertPath,
    813. 

  813. 				intermediateCertPath,
    814. 

  814. 				disjunctCertPath,
    815. 

  815. 			},
    816. 

  816. 		},
    817. 

  817. 		{
    818. 

  818. 			name: "read file wrong password",
    819. 

  819. 			args: args{
    820. 

  820. 				pass:     "wrongpass",
    821. 

  821. 				filename: "_testdata/foo-withpass-1234.pfx",
    822. 

  822. 			},
    823. 

  823. 			wantErr: true,
    824. 

  824. 		},
    825. 

  825. 	}
    826. 

  826. 

  827. 	testFunc := func(t *testing.T, tc testCase) {
    828. 

  828. 		archive, err := os.ReadFile(tc.args.filename)
    829. 

  829. 		if err != nil {
    830. 

  830. 			t.Error(err)
    831. 

  831. 		}
    832. 

  832. 		var expOut []byte
    833. 

  833. 		for _, w := range tc.want {
    834. 

  834. 			c, err := os.ReadFile(w)
    835. 

  835. 			if err != nil {
    836. 

  836. 				t.Error(err)
    837. 

  837. 			}
    838. 

  838. 			expOut = append(expOut, c...)
    839. 

  839. 		}
    840. 

  840. 		got, err := pkcs12certPass(tc.args.pass, string(archive))
    841. 

  841. 		if (err != nil) != tc.wantErr {
    842. 

  842. 			t.Errorf("pkcs12certPass() error = %v, wantErr %v", err, tc.wantErr)
    843. 

  843. 			return
    844. 

  844. 		}
    845. 

  845. 		if diff := cmp.Diff(string(expOut), got); diff != "" {
    846. 

  846. 			t.Errorf("pkcs12certPass() = diff:\n%s", diff)
    847. 

  847. 		}
    848. 

  848. 	}
    849. 

  849. 

  850. 	for _, tt := range tests {
    851. 

  851. 		t.Run(tt.name, func(t *testing.T) {
    852. 

  852. 			testFunc(t, tt)
    853. 

  853. 		})
    854. 

  854. 	}
    855. 

  855. }
    856.